In what may be the biggest hack in digital currency’s short history, an ethereum-based company has suffered an attack that resulted in more than $156 million in digital currency being frozen and inaccessible.
That throws many technology companies – including some with entertainment projects – into limbo, unable to access funds raised for development and operations and relying on cash on hand, which may quickly run out.
Parity Technologies was the victim of the hack. The company manages a network of digital wallets which hold tokens that can be sold as needed by their owners and turned into cash. Earlier this week, a hacker breached one of the wallets and subsequently wiped out its contents, including a code library. That resulted in other wallets in the blockchain being frozen. Parity said today that 587 wallets containing 513,774.16 in ether, the digital coin associated with the ethereum blockchain, have been frozen.
That’s a total worth $156.4 million in dollars based on Saturday’s single-coin pricing for the digital currency, with much of it being raised through initial coin offerings, a popular financial instrument for public fundraising whereby companies can obtain money without giving up equity.
Parity has been reaching out to owners of the affected wallets, but, as yet, has not found a solution to unblocking the wallets and freeing the frozen funds. “We are endeavoring to find a solution as soon as possible,” said a statement from Jutta Steiner, the company founder. The situation was called “a learning opportunity” for the company, “albeit a painful one.”
Parity claims the hack happened when a “user” managed to access a smart contract, an ethereum blockchain feature that acts as a binding and immutable record of a transaction. By breaching the wallet, the hacker became its owner. The hacker then wiped out the smart contract underlying the wallet, which affected other wallets. The company claims the funds remain in the wallets, though frozen.
Parity has reached out to the developer community in search of a solution. Some analysts have indicated that a new change in the ethereum blockchain may have to be created to unblock the funds, but the Parity statement did not address that prospect.
Word is slowly trickling out on which companies have been affected by the frozen funds. One identified so far is Musiconomi, a system to share and promote music via the blockchain. It reportedly has $4.8 million frozen in its Parity accounts. Their problem pales, though, next to that of Polkadot, a company that reportedly has $98 million in funds locked up.
When those funds will be available is uncertain. Any initial coin offerings held since July 20, the date the flaw may have been instituted in an upgrade of Parity wallets, may be among those locked.
The current flaw is the second suffered by Parity in the last four months. A July theft of more than 150,000 ether valued then at about $32 million caused by another flaw was allegedly resolved on July 19, or one day before the current vulnerability issue.
If the $150 million proves to be lost, the incident would be far worse than the previous biggest ethereum hack, the notorious DAO incident of 2016.
The DAO, a decentralized, open source code, was a blockchain that sought to back ethereum projects. It was crowdfunded in May, 2016, and at the time, was the largest crowdfunding campaign in history.
However, in June of 2016, a vulnerability in the code exploited by hackers allowed them to take one-third of the DAO’s reserves, an estimated $50 million. The cure was an ethereum hard fork to restore funds, splitting ethereum into two coins, with the original called Ethereum Classic.